Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation
We consider certificate revocation from three high-level perspectives: temporal nonmonotonicity, user interfaces, and risk management. We argue that flawed understanding of these three aspects of revocation schemes has caused these schemes to be unnecessarily costly, complex, and confusing. We also comment briefly on some previous works, including those of Rivest , Fox and LaMacchia , and McDaniel and Rubin .
KeywordsCertificates Revocation PKI CRL
Unable to display preview. Download preview PDF.
- 1.Carlisle Adams and Robert Zuccherato, “A General, Flexible Approach to Certificate Revocation,” June 1998. http://www.entrust.com/resourcecenter/pdf/certrev.pdf.
- 2.Carlisle Adams and Stephen Farrell, “Internet X.509 Public Key Infrastructure Certificate Management Protocols,” IETF RFC 2510, March 1999. http://www.ietf.org/rfc/rfc2510.txt.
- 3.David A. Cooper, “A Closer Look at Revocation and Key Compromise in Public Key Infrastructures,” in Proceedings of the 21st National Information Systems Security Conference, pp. 555–565, October 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperG2.pdf.
- 4.David A. Cooper, “A More Efficient Use of Delta-CRLs,” in Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 190–202, May 2000. http://csrc.nist.gov/pki/documents/sliding_window.pdf.
- 6.Carl A. Gunter and Trevor Jim, “Generalized Certificate Revocation,” in Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2000), pp. 316–329, January 2000. http://www.cis.upenn.edu/~qcm/papers/popl00.pdf.
- 8.Russell Housley, Warwick Ford, Tim Polk, and David Solo, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” IETF RFC 2459, Janurary 1999. http://www.ietf.org/rfc/rfc2459.txt.
- 9.Paul Kocher, “On Certificate Revocation and Validation,” inFC’98 , pp. 172–177, 1998.Google Scholar
- 10.Patrick McDaniel and Sugih Jamin, “Windowed Certificate Revocation,” in Proceedings of IEEE Infocom 2000, pp. 1406–1414, March 2000. http://www.eecs.umich.edu/~pdmcdan/docs/info2000.pdf.
- 11.Patrick McDaniel and Aviel Rubin, “A Response to ‘Can We Eliminate Certificate Revocation Lists?’,” in Proceedings of Financial Cryptography 2000, February 2000. http://www.eecs.umich.edu/~pdmcdan/docs/finc00.pdf.
- 12.Silvio Micali, “Efficient Certificate Revocation,” Technical Report TM-542b, MIT Laboratory for Computer Science, March, 1996. ftp://ftp.lcs.mit.edu/pub/lcs-pubs/tm.outbox/MIT-LCS-TM-542b.ps.gz.
- 13.Michael Myers, “Revocation: Options and Challenges,” inFC’98 , pp. 165–171, 1998.Google Scholar
- 14.Michael Myers, Rich Ankney, Ambarish Malpani, Slava Galperin, and Carlisle Adams, “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP,” IETF RFC 2560, June 1999. http://www.ietf.org/rfc/rfc2560.txt.
- 15.Moni Naor and Kobbi Nissim, “Certificate Revocation and Certificate Update,” in Proceedings of the 7th USENIX Security Symposium, pp. 217–228, January 1998. http://www.wisdom.weizmann.ac.il/~kobbi/papers/revoke_usenix.ps.
- 17.Stuart G. Stubblebine, “Recent-Secure Authentication: Enforcing Revocation in Distributed Systems,” in Proceedings of the 1995 IEEE Symposium on Research in Security and Privacy, pp. 224–234, May 1995. http://www.stubblebine.com/95oak.pdf.
- 18.Stuart G. Stubblebine and Rebbeca N. Wright, “An Authentication Logic Supporting Synchronization, Revocation, and Recency,” in Proceedings of the Third ACM Conference on Computer and Communications Security, pp. 95–105, March 1996. http://www.stubblebine.com/96ccs.pdf.
- 19.Rebecca N. Wright, Patrick D. Lincoln, and Jonathan K. Millen, “Efficient Fault-Tolerant Certificate Revocation,” in Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), November 2000. http://www.research.att.com/~rwright/ccs00.ps.
- 20.Committee on Information Systems Trustworthiness, National Research Council, Trust in Cyberspace, National Academy Press, 1999. http://www.nap.edu/html/trust/.